thehackernews.com 5/14/2026, 12:30:50 PM · via preferred

PraisonAI flaw exploited hours after CVE-2026-44338 disclosure

CyberSIXT Evidence Panel
Primary source: nvd.nist.gov
CISA KEV: Not in KEV
Patch: Patch Available

Threat actors have been observed attempting to exploit PraisonAI CVE-2026-44338 within hours of its disclosure, highlighting the rapid exploitation trend noted by Sysdig. The flaw, a CVSS 7.3 authentication bypass, affects PraisonAI's open-source multi-agent orchestration framework: the legacy Flask API server ships with AUTH_ENABLED = False and AUTH_TOKEN = None, so endpoints such as /agents and /chat can be reached without any authentication.

The vulnerability affects all versions of the Python package from 2.5.6 through 4.6.33 and has been patched in version 4.6.34, with security researcher Shmulik Cohen credited for discovering and reporting the bug.
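The defect described above is a default-off authentication setting rather than a bug in a check, so the practical mitigation is a configuration that fails closed. The following is an added example, not PraisonAI's own code: it models the two weak defaults the report names (AUTH_ENABLED = False, AUTH_TOKEN = None), refuses to start when protected routes would be exposed on a non-loopback address without a credential, and gates /agents and /chat behind a bearer token. The names AgentApiSettings, hardened_settings, build_app, PROTECTED_PREFIXES and the in-process call helper are assumptions for this illustration; the app is plain WSGI from the standard library so it runs offline.

```python
"""Fail-closed bearer-token gate for an agent API served over WSGI.

Added example, not PraisonAI's code. Models the weak defaults from the report
(AUTH_ENABLED = False, AUTH_TOKEN = None) beside a hardened configuration.
All names below are assumptions for the illustration.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

PROTECTED_PREFIXES = ("/agents", "/chat")  # endpoints named in the report


@dataclass(frozen=True)
class AgentApiSettings:
    bind_host: str = "0.0.0.0"
    auth_enabled: bool = False        # the weak default the report describes
    auth_token: Optional[str] = None  # likewise


def validate_settings(cfg: AgentApiSettings) -> None:
    """Refuse to start when protected routes would be reachable without a credential.

    Auth may only be disabled when the server is bound to loopback (local dev).
    """
    loopback_only = cfg.bind_host in ("127.0.0.1", "::1", "localhost")
    if not cfg.auth_enabled and not loopback_only:
        raise RuntimeError("auth disabled while bound to a non-loopback address")
    if cfg.auth_enabled and not cfg.auth_token:
        raise RuntimeError("auth enabled but no token configured")


def hardened_settings(bind_host: str = "0.0.0.0") -> AgentApiSettings:
    """The corrected configuration: auth on, with a freshly generated token."""
    return AgentApiSettings(bind_host=bind_host, auth_enabled=True,
                            auth_token=secrets.token_urlsafe(32))


def _authorized(environ: dict, cfg: AgentApiSettings) -> bool:
    """True only if a 'Bearer <token>' header matches the configured token."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, presented = header.partition(" ")
    if scheme.lower() != "bearer" or not presented or not cfg.auth_token:
        return False
    return hmac.compare_digest(presented, cfg.auth_token)  # constant-time compare


def build_app(cfg: AgentApiSettings):
    """Build a WSGI app; startup fails on an unsafe configuration."""
    validate_settings(cfg)

    def app(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        protected = path.startswith(PROTECTED_PREFIXES)
        if protected and cfg.auth_enabled and not _authorized(environ, cfg):
            start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                                ("WWW-Authenticate", "Bearer")])
            return [b"unauthorized\n"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    return app


def call(app, path: str, authorization: Optional[str] = None) -> str:
    """Drive the WSGI app in-process (no network) and return the status line."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    if authorization is not None:
        environ["HTTP_AUTHORIZATION"] = authorization
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    list(app(environ, start_response))
    return captured["status"]


if __name__ == "__main__":
    cfg = hardened_settings()
    app = build_app(cfg)
    print(call(app, "/agents"))                              # 401 Unauthorized
    print(call(app, "/agents", f"Bearer {cfg.auth_token}"))  # 200 OK
    try:
        build_app(AgentApiSettings())  # weak defaults on 0.0.0.0: refused at startup
    except RuntimeError as exc:
        print("refused:", exc)
```

The startup check is the part that matters operationally: a missing token becomes a crash at deploy time rather than an open endpoint discovered by a scanner. The loopback exception is a deliberate design choice for local development and should be narrowed further if the process can be reached through a reverse proxy.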

Sysdig reported that within three hours and 44 minutes of the advisory becoming public, a scanner identifying itself as CVE-Detector/1.0 probed the exact vulnerable endpoint on internet-exposed instances. The advisory was published on 11 May 2026 at 13:56 UTC, and the first targeted request landed at 17:40 UTC the same day. The scanning activity originated from the IP address 146.190.133[.]49 and consisted of two passes eight minutes apart, with roughly 70 requests in each pass.

The first pass probed generic disclosure paths, while the second targeted AI-agent surfaces; a direct GET /agents with no Authorization header returning successfully confirmed the bypass, according to Sysdig.
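The pattern Sysdig describes, a distinctive User-Agent, a burst of requests from one source, and an unauthenticated request to /agents that succeeds, can be checked for in ordinary access logs. The following is an added detection example, not Sysdig's or PraisonAI's tooling. The log lines are constructed for the illustration (JSON lines as a reverse proxy might emit them, with a has_auth field meaning an Authorization header was present); the scanner User-Agent and source address are the indicators quoted in the report, while the field names, thresholds and function names are assumptions.

```python
"""Detection over access-log lines for the scanning pattern in the report.

Added example; not Sysdig's or PraisonAI's code. SAMPLE_LOG is constructed
for the illustration. Three signals are raised:
  scanner_ua            - the User-Agent string quoted in the report
  unauth_protected_200  - a protected path served 200 with no Authorization
  burst                 - many requests from one source inside a short window
Field names, thresholds and function names are assumptions.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Iterable, List, Tuple

SCANNER_UA = "CVE-Detector/1.0"      # indicator from the report
PROTECTED = ("/agents", "/chat")     # endpoints named in the report
BURST_THRESHOLD = 5                  # assumed: requests per source per window
BURST_WINDOW = timedelta(minutes=1)  # assumed window

# Constructed sample log (JSON lines). Source IP is the one in the report.
SAMPLE_LOG = """\
{"ts": "2026-05-11T17:40:02Z", "src": "146.190.133.49", "method": "GET", "path": "/.env", "status": 404, "ua": "CVE-Detector/1.0", "has_auth": false}
{"ts": "2026-05-11T17:40:03Z", "src": "146.190.133.49", "method": "GET", "path": "/.git/config", "status": 404, "ua": "CVE-Detector/1.0", "has_auth": false}
{"ts": "2026-05-11T17:40:04Z", "src": "146.190.133.49", "method": "GET", "path": "/actuator/health", "status": 404, "ua": "CVE-Detector/1.0", "has_auth": false}
{"ts": "2026-05-11T17:40:05Z", "src": "146.190.133.49", "method": "GET", "path": "/agents", "status": 200, "ua": "CVE-Detector/1.0", "has_auth": false}
{"ts": "2026-05-11T17:40:06Z", "src": "146.190.133.49", "method": "POST", "path": "/chat", "status": 200, "ua": "CVE-Detector/1.0", "has_auth": false}
{"ts": "2026-05-11T17:40:07Z", "src": "146.190.133.49", "method": "GET", "path": "/openapi.json", "status": 404, "ua": "CVE-Detector/1.0", "has_auth": false}
{"ts": "2026-05-11T17:41:10Z", "src": "10.0.0.5", "method": "GET", "path": "/agents", "status": 200, "ua": "python-requests/2.31", "has_auth": true}
{"ts": "2026-05-11T17:42:30Z", "src": "10.0.0.5", "method": "GET", "path": "/health", "status": 200, "ua": "curl/8.4", "has_auth": false}
"""

Finding = Tuple[str, str, str]  # (signal, source, detail)


def parse(lines: Iterable[str]):
    """Yield log records with the timestamp converted to a datetime."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield rec


def detect(lines: Iterable[str]) -> List[Finding]:
    """Run the three detections and return the findings in order of discovery."""
    findings: List[Finding] = []
    by_src = defaultdict(list)
    for rec in parse(lines):
        if rec["ua"] == SCANNER_UA:
            findings.append(("scanner_ua", rec["src"], rec["path"]))
        # The bypass itself: a protected path served successfully with no credential.
        if rec["path"].startswith(PROTECTED) and not rec["has_auth"] and rec["status"] == 200:
            findings.append(("unauth_protected_200", rec["src"], rec["path"]))
        by_src[rec["src"]].append(rec["ts"])

    # Sliding window per source: flag the first moment the window holds >= threshold.
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                findings.append(("burst", src, f"{end - start + 1} requests within {BURST_WINDOW}"))
                break
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings by signal type, for a quick triage view."""
    return Counter(signal for signal, _, _ in findings)


if __name__ == "__main__":
    results = detect(SAMPLE_LOG.splitlines())
    for signal, src, detail in results:
        print(f"{signal:22} {src:16} {detail}")
    print(summarize(results))
```

Of the three signals, unauth_protected_200 is the one to alert on: a matching User-Agent or a burst only tells you a scanner visited, whereas a 200 on /agents with no credential tells you the exposed instance actually served the request and the deployment needs the patched version or a fail-closed configuration.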


Article by CyberSIXT
